Wow, that was quite a journey.
Thank you INE Security for this fantastic journey!
Why did I do that?
Addicted to certs? Kinda. Anyways. I had certs about web so far but little knowledge about networks. Network attacks, Pivoting, Buffer Overflow, Privilege Escalation… Maan this course and the exam cover really cool stuff. INE Security has amazing material and training labs, so I gave it a shot.
How was the learning material?
Videos and PDF — tooooooooooons. Easy to understand but… a loooot. Sometimes I jumped into the relevant labs directly :)
Labs — Heaaaaaaaavy on Metasploit but great. ~25 labs, stable environment. A couple of overlaps while solving them (which was ideal for me)
Does the exam cover all these material?
No. There are a lot of modules but not all of them are on the exam.
The exam includes web and please don’t underestimate web attacks on the exam.
How did I study?
I started studying around July, solve all the labs couple of times and started the exam at the end of September. Fair enough.
For Buffer Overflow, I found the pdf very complicated because I had no prior knowledge. It was terrifying for me. So I solved Tryhackme Buffer Overflow rooms (amazing) Now I am in love with BoF. My favorite.
https://tryhackme.com/room/bufferoverflowprep
For Pivoting, Post Exploitation lab was ok but you can also try the Tryhackme Wreath room.
The Exam
7 days for the exam and 7 days for reporting. I appreciate that. I started the exam at the end of September used all 7 days (as I only could use the evenings on weekdays) Then I used another 7 days for reporting (because why not?) And submitted the report on 10th of November.
Day 1
I could not start the exam right away because of a technical issue. Frustrating, huh? After I did some research I solved the issue and started. I think INE Security should take care of it at some point. Because it is completely from their side.
It started with web. Found some very basic vulnerabilities. Did some enumeration.
Day 2
Further enumeration and Voila! Got in. The shell that I got was extremely unstable and I almost lost my mind. All my meterpreter sessions were closed. I almost was gonna get a “Reason: Died” tattoo . It did not let me pivot to other network. I tried to solve it.
Day 3
I was able to pivot. Exploited ev’rythin’.
Day 4
I could do nothing. Noooothing.
Day 5
Found the BoF machine. My favourite part. The funniest part of the exam was that. Had a lot of fun.
Day 6
Further enumeration and pivoting. Ev’ry day I’m pivotin’.
Day 7
Got in DMZ but it took me hours to do priv esc. I did a lot of research. I was so stressed that the clock was ticking and I did not have much time. Anyway I got root before my exam time ends.
My 2c;
The training was beginner friendly, I loved it. I enjoyed it.
The exam environment was a nightmare at the beginning. You have to find another way for a stable shell.
The exam did not cover all the network attacks that were taught in the course.
You can use every tool. No restrictions. At least I learned how to use metasploit for certain attacks and pivoting and etc. But now I have to learn how to do them without metasploit :)
You may wait for the certificate for too long (it was 1 month for me) It is normal.
My report was ~65 pages. Make sure that you include evvvvverything. Every vulnerabilities that you encounter. Remember, it is a pentest.
Thanks for reading. May your Meterpreter sessions never die :)
